I keep getting the following error, when attempting to run an MA via a PowerShell script, under a service account. I already added the service account to the local FIMSyncAdmins group. I even added it to the local Administrators group. It is still refusing to allow the account to access the WMI class!!! It works fine when I run it under my account, and I don't see anything different between the permissions on my account, and the permissions on the service account that I am trying to use.
Get-WmiObject : Access denied
At C:\System\UserProfile.MIMSync\SharePointMultiSync.psm1:551 char:13
+ Get-WmiObject -Class MIIS_ManagementAgent -Namespace root ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Get-WmiObject], ManagementException
+ FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
MA not found:
At C:\System\UserProfile.MIMSync\SharePointMultiSync.psm1:492 char:13
+ throw "MA not found: $Name"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (MA not found: :String) [], RuntimeException
+ FullyQualifiedErrorId : MA not found:
The specific line that is throwing the error is:
Get-WmiObject -Class MIIS_ManagementAgent -Namespace root/MicrosoftIdentityIntegrationServer
Running that under the service account produces the following error:
Get-WmiObject : Access denied
At line:1 char:1
+ Get-WmiObject -Class MIIS_ManagementAgent -Namespace root/MicrosoftId ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Get-WmiObject], ManagementException
+ FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
I even checked the permissions on the root/MicrosoftIdentityIntegrationServer namespace, and verified that the FIMSyncAdmins group has permissions.
HELP!!!!